MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50762c245b64ddede69fe5db39aec6c4c31bbb18520c6696368aa39ddea03006. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 4

SHA256 hash: 50762c245b64ddede69fe5db39aec6c4c31bbb18520c6696368aa39ddea03006
SHA3-384 hash: 2ebd64137c30d99da29c016e776fffc7816a38e91c555b8afad67ce2f0cb2ffd16f98d28e5b04a1a872f8b60e0921f85
SHA1 hash: b9c1a1f1968d788dd30e748f9830482f2ec56f6b
MD5 hash: 4f334b62a81ad6cc0b5868120a225099
humanhash: carolina-spring-stream-skylark
File name: 2e08c934e492a926b65301259bf60e17.exe
Signature: AgentTesla
File size: 283'136 bytes
First seen: 2020-04-09 16:54:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 6144:OkvVa2aEe9tIq6iO+2rdtQhnHj7Bc4WcYbM:C2a54dK9HH
Threatray: 10'621 similar samples on MalwareBazaar
TLSH: FB54089DAB48B902F33E1D36C1D9826013B191875912C34F6EC84FFA7F567CA385E299
Reporter: abuse_ch
Tags: AgentTesla exe GuLoader


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1i4Jzj9RX1orCDEPdKrvGz9Yh2lY7lzYI

Intelligence

File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-04-09 17:35:26 UTC
File Type: PE (.Net Exe)
AV detection: 27 of 31 (87.10%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 47de773f9117bc11de81bb281866a9f5
Dropped by: GuLoader
Dropped by: SHA256 a5e24bd96ee8d6c88baef09cc2761fe9689b90c96cc8dd8a6a87de1b18f03529

BLint

The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                         Title                                                    Severity
CHECK_AUTHENTICODE         Missing Authenticode                                     high
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (HIGH_ENTROPY_VA)   high

Comments